In case you haven’t heard, a new internet bug was discovered recently that affects the popular OpenSSL cryptographic software library. A security website dedicated to the dissemination of information about Heartbleed says:
This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
In other words, it is possible for a hacker to read just about anything you have online on sites that utilize the OpenSSL library — which are a bunch. Unfortunately, there isn’t much you as an end user can do. If you are a website owner, or manage IT security for your firm, Vestra Interactive recommends changing all your passwords and those of any users you control immediately. This should already be done every quarter at the very least, so if you aren’t changing your passwords regularly, now is a good time to start.
For our clients who have an SSL certificate purchased via a 3rd party such as VeriSign, you need to contact them immediately to inquire about revoking your current certificate and having a new one reissued. Some companies do this for free, others charge. If you are a Vestra Interactive client who purchased your SSL certificate through us, we will be in contact with you if any action is needed.
So are you affected? Well, if you aren’t directly, you most certainly are indirectly. Many popular sites such as Tumblr and Yahoo use OpenSSL as do many others to encrypt the traffic across their servers. Many more, especially e-commerce sites, use OpenSSL to secure your transactions. So once again, CHANGE YOUR PASSWORDS IMMEDIATELY. EVERY SERVICE, EVERY ACCOUNT. DO IT NOW AND BE SAFE.
If you would like more information about Heartbleed, visit http://heartbleed.com.